Login/Register
Bitnami Redis on Kubernetes Authentication Failure with Existing Secret
Asked Answered
Solved kubernetesrediskubernetes-helmbitnami
H

2

5

I'm trying to install Redis on Kubernetes environment with Bitnami Redis HELM Chart. I want to use a defined password rather than randomly generated one. But i'm getting error below when i want to connect to redis master or replicas with redis-cli.

I have no name!@redis-client:/$ redis-cli -h redis-master -a $REDIS_PASSWORD 
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
Warning: AUTH failed

I created a Kubernetes secret like this.

---
apiVersion: v1
kind: Secret
metadata:
  name: redis-secret
  namespace: redis
type: Opaque
data:
  redis-password: YWRtaW4xMjM0Cg==

And in values.yaml file i updated auth spec like below.

auth:
  enabled: true
  sentinel: false
  existingSecret: "redis-secret"
  existingSecretPasswordKey: "redis-password"
  usePasswordFiles: false

If i don't define existingSecret field and use randomly generated password then i can connect without an issue. I also tried AUTH admin1234 after Warning: AUTH failed error but it didn't work either.

Hunk answered 27/8, 2021 at 22:58 Comment(0)
H
3

The issue was about how i encoded password with echo command. There was a newline character at the end of my password. I tried with printf command rather than echo and it created a different result.

printf admin1234 | base64
Hunk answered 2/9, 2021 at 12:7 Comment(0)
D
3

You can achieve it in much simpler way i.e. by running:

$ helm install my-release \
  --set auth.password="admin1234" \
    bitnami/redis

This will update your "my-release-redis" secret, so when you run:

$ kubectl get secrets my-release-redis -o yaml

you'll see it contains your password, already base64-encoded:

apiVersion: v1
data:
  redis-password: YWRtaW4xMjM0Cg==
kind: Secret
...

In order to get your password, you need to run:

export REDIS_PASSWORD=$(kubectl get secret --namespace default my-release-redis -o jsonpath="{.data.redis-password}" | base64 --decode)

This will set and export REDIS_PASSWORD environment variable containing your redis password.

And then you may run your redis-client pod:

kubectl run --namespace default redis-client --restart='Never'  --env REDIS_PASSWORD=$REDIS_PASSWORD  --image docker.io/bitnami/redis:6.2.4-debian-10-r13 --command -- sleep infinity

which will set REDIS_PASSWORD environment variable within your redis-client pod by assigning to it the value of REDIS_PASSWORD set locally in the previous step.

Debrief answered 30/8, 2021 at 14:59 Comment(2)
I tried to understand why i am unable to use existing secrets and tried with other charts to see if it is related with bitnami redis chart. But the problem was about my base64 encoding. There was a newline character at the end of my password because i encoded it like this; echo admin1234 | base64 When i tried with printf it created a different result and i'm able to use existing secret now. It was a mistake on my side. Gonna post it as an answer. Thanks for the reply. printf admin1234 | base64Mccall
You can still do it with echo command: echo -n „password” | base64. Simply add -n option (do not output the trailing newline).Debrief
H
3

The issue was about how i encoded password with echo command. There was a newline character at the end of my password. I tried with printf command rather than echo and it created a different result.

printf admin1234 | base64
Hunk answered 2/9, 2021 at 12:7 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.